This how-to covers the needs of an internet/gaming center with 30 PCs. Because of the high cost of T3/T1/leased lines, we opted for a multi-WAN solution, based on relatively cheap ADSL lines, capable of providing sufficient bandwidth for 30+ users at a time.
We run a pfSense setup with VLANs (on one NIC) handling 5 ADSL lines, plus wifi and LAN, on a 3-NIC server (2 x 10/100 integrated on the motherboard + 1 PCI Gbit). The server is an Intel Celeron with 1Gb RAM and a 100Gb HD, in a 1U rack case.
To accomplish this setup we used a fairly cheap VLAN-capable switch, which connects the ADSL modems to our VLAN-dedicated NIC. We don't use the same switch for LAN or wifi connectivity: the LAN NIC is connected to our LAN switches, and the NIC dedicated to wifi connects directly to our access point.
The Netgear Smart Switch FS726T was our choice (http://www.netgear.com/Products/Switches/SmartSwitches/FS726T.aspx); we purchased this switch in mid Dec. 2006 and have used it with no issues. Another pfSense user pointed out to me that he faced issues with firmware prior to that date, so take this into consideration, and if you have problems with this hardware, upgrade to the latest firmware.
All ADSL modems/routers are configured to NAT all traffic to the pfSense VLAN interfaces (using the modem's DMZ server option to forward all traffic to the pfSense interface IP). With this option all unsolicited inbound traffic reaches the pfSense interface, so the pfSense firewall rules are what filter it.
Once you become familiar with your VLAN switch, you must set up your desired VLANs. In our case we only use the switch to connect our ADSL lines to one of the server NICs (10/100), as said above, so setup didn't take longer than 15 minutes.
We don't use the VLAN NIC directly; instead we created VLANs based on that NIC, vlan2 to vlan6: vlan2 --> wan, vlan3 --> opt1, and so on to vlan6 --> opt4 (we renamed opt1 to wan2, etc.)
IMPORTANT and CRITICAL: USE CORRESPONDING VLAN ID numbers in your switch and pfSense, otherwise nothing will work!
This means that if you create vlan2 to vlan6 in pfSense, you need to do the same in the switch (switch vlan2 to vlan6); don't use vlan1, which is usually dedicated to switch administration by default.
Our Netgear setup was straightforward: we dedicated switch ports 1-5 to the ADSL modems/routers and port 22 to connect directly to the pfSense NIC (the one we dedicated to VLANs), creating vlan2 = switch port1 <--> switch port22, through to vlan6 = switch port5 <--> switch port22. A bit confusing in the beginning, but what is not??
Then we connected ADSL modem1 to switch port1, modem2 to switch port2, and so on. Every modem has an internal IP of type 192.168.x0.1/255.255.255.0, with its DHCP server disabled.
So we configured modem 1 with IP 192.168.20.1; the resulting configuration for WAN at pfSense (vlan2 interface) is IP 192.168.20.10 (we gave all pfSense WANs IPs of type 192.168.x0.10) and GW 192.168.20.1 (our ADSL modem IP).
As you can see, we left the FTP helper and the rest as they are.
Modem 2 has LAN IP 192.168.50.1, and OPT1 (renamed to WANB) at pfSense (vlan3 interface) has IP 192.168.50.10 and GW 192.168.50.1 (ADSL modem 2's IP), and so on.
The LAN interface is configured as follows:
Up to this point we are almost halfway: all cabling is done (it is good to use grounded cables to connect the modems/routers and pfSense to the switch), and we test communication with our pfSense box from within our LAN, using a browser at http://192.168.10.1 (pfSense LAN IP).
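Before moving on, the VLAN and addressing plan above can be checked for the mistakes the warning describes. The following Python sketch is an added example, not part of the original how-to: the names `check`, `SWITCH` and `PFSENSE` are hypothetical, only the first two lines (the ones whose addresses the article gives) are listed, and the pfSense interfaces are assumed to use the same 255.255.255.0 mask as the modems.

```python
import ipaddress

TRUNK_PORT = 22                                    # switch port wired to the pfSense VLAN NIC
LAN_NET = ipaddress.ip_network("192.168.10.0/24")  # pfSense LAN IP is 192.168.10.1

# Values for the first two lines as given in the article; /24 mask is an assumption.
SWITCH = {2: {1, 22}, 3: {2, 22}}                  # VLAN ID -> member switch ports
PFSENSE = {2: ("WAN", "192.168.20.10", "192.168.20.1"),   # VLAN ID -> (name, IP, gateway)
           3: ("OPT1", "192.168.50.10", "192.168.50.1")}

def check(switch, pfsense, trunk=TRUNK_PORT, lan=LAN_NET, prefix=24):
    """Return a list of problems; an empty list means both sides agree."""
    problems = []
    for vid in sorted(set(switch) | set(pfsense)):
        if vid == 1:
            problems.append("VLAN 1 is the switch administration default; pick another ID")
        if vid not in switch:
            problems.append(f"VLAN {vid} is defined in pfSense but not on the switch")
        if vid not in pfsense:
            problems.append(f"VLAN {vid} is defined on the switch but not in pfSense")
    port_owner = {}
    for vid, ports in sorted(switch.items()):
        if trunk not in ports:
            problems.append(f"VLAN {vid} does not include trunk port {trunk}")
        for port in sorted(ports - {trunk}):
            if port in port_owner:   # a modem port in two VLANs would join two WANs
                problems.append(f"port {port} is in VLAN {port_owner[port]} and VLAN {vid}")
            port_owner[port] = vid
    nets = [(lan, "LAN")]
    for vid, (name, ip, gw) in sorted(pfsense.items()):
        net = ipaddress.ip_interface(f"{ip}/{prefix}").network
        if ipaddress.ip_address(gw) not in net:
            problems.append(f"{name}: gateway {gw} is outside {net}")
        for other_net, other_name in nets:
            if net.overlaps(other_net):
                problems.append(f"{name}: {net} overlaps {other_name}")
        nets.append((net, name))
    return problems

if __name__ == "__main__":
    for line in check(SWITCH, PFSENSE) or ["switch and pfSense plans agree"]:
        print(line)
```

Add the remaining lines to both dictionaries with your own values before relying on the result.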
What's missing now, apart from becoming very familiar with the logic by which pfSense works (by reading how-tos like this one), is to:
Set up our load balancer, specifying how many, if not all, of our ADSL WANs our users will use to reach the internet. In our case we included all 5 ADSL lines in the same load balancer.